/******************************************************************************
 * This program is a 100% Java Email Server.
 ******************************************************************************
 * Copyright (c) 2001-2011, Eric Daugherty (http://www.ericdaugherty.com)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *   * Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *   * Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 *   * Neither the name of the copyright holder nor the
 *     names of its contributors may be used to endorse or promote products
 *     derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER ''AS IS'' AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 ******************************************************************************
 * For current versions and more information, please visit:
 * http://javaemailserver.sf.net/
 *
 * or contact the authors at:
 * java@ericdaugherty.com
 * andreaskyrmegalos@hotmail.com
 *
 ******************************************************************************
 * This program is based on the CSRMail project written by Calvin Smith.
 * http://crsemail.sourceforge.net/
 ******************************************************************************
 *
 * $Rev$
 * $Date$
 *
 ******************************************************************************/

package com.ericdaugherty.mail.server.security;

//Java Imports
import java.net.InetAddress;
import java.net.SocketPermission;
import java.security.*;
import java.util.Map;

//Logging Imports
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

//Local Imports
import com.ericdaugherty.mail.server.configuration.ConfigurationManager;

/**
 * The JES extended Security Manager. Supports port listen permission checking.
 *
 * @author Andreas Kyrmegalos
 */
public class JESSecurityManager extends SecurityManager{

   private static final Log log = LogFactory.getLog( JESSecurityManager.class );

   private AccessControlContext acc;

   public JESSecurityManager() {
      updateMappedPorts();
   }

   public final void updateMappedPorts() {
      Map<String,Integer> mappedPorts = ConfigurationManager.getInstance().getMappedPorts();
      PermissionCollection pc = new Permissions();
      InetAddress listenAddress = ConfigurationManager.getInstance().getListenAddress();
      String listen = listenAddress==null?"0.0.0.0":listenAddress.getHostAddress();
      if (mappedPorts.containsKey("smtp")) {
         pc.add(new SocketPermission(listen+":"+mappedPorts.get("smtp"), "listen,resolve"));
      }
      if (mappedPorts.containsKey("pop3")) {
         pc.add(new SocketPermission(listen+":"+mappedPorts.get("pop3"), "listen,resolve"));
      }
      if (mappedPorts.containsKey("secureSmtp")) {
         pc.add(new SocketPermission(listen+":"+mappedPorts.get("secureSmtp"), "listen,resolve"));
      }
      if (mappedPorts.containsKey("securePop3")) {
         pc.add(new SocketPermission(listen+":"+mappedPorts.get("securePop3"), "listen,resolve"));
      }
      if (mappedPorts.containsKey("amavis")) {
         pc.add(new SocketPermission(listen+":"+mappedPorts.get("amavis"), "listen,resolve"));
      }
      if (mappedPorts.containsKey("testing")) {
         pc.add(new SocketPermission(listen+":"+mappedPorts.get("testing"), "listen,resolve"));
      }
      if (mappedPorts.containsKey("config")) {
         listenAddress = ConfigurationManager.getInstance().getConfigurationAddress();
         listen = listenAddress==null?"0.0.0.0":listenAddress.getHostAddress();
         pc.add(new SocketPermission(listen+":"+mappedPorts.get("config"), "listen,resolve"));
      }
      
      synchronized (this) {
         acc = new AccessControlContext(new ProtectionDomain[]{new ProtectionDomain(null, pc)});
      }
   }

   public synchronized void checkPortPermission(SocketPermission socketPermission) throws AccessControlException {
      if (log.isDebugEnabled()) {
         log.debug("Checking permission: "+socketPermission.getName()+" "+socketPermission.getActions());
      }
      acc.checkPermission(socketPermission);
   }

   @Override
   public void checkListen(int port) {}
}
